Add basic automatix config

Extract desktop-specific settings that are shared by asterix and obelix into desktop role.

3 files changed, 16 insertions, 42 deletions

diff --git a/conf/common.nix b/conf/common.nix
new file mode 100644
index 0000000..d1c4ba1
--- /dev/null
+++ b/conf/common.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+  users.extraUsers.common = {
+    isNormalUser = true;
+    uid          = 1000;
+    extraGroups  = [ "wheel" ];
+    shell        = pkgs.fish;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDy2h3NXWVW7BlEehCCgQ3ZMq64rqxoI70dg9Zq3SdIWcqunkWsHGSmzXbxM0ZCD2/VWNVrvShusg0dDSOwV64HUxIuDWpM6gCvg5MKBS0ZMwb9831d0ybf6kU/gppJGyM7R9HspB69C9pnKBB6vUUXd/TgmjhiAHPCwbq/vgWRN7yYGwB/tc7pRiugk6tyfgvXvFCnQXZLoPSx0qBF3L6YyRzbtL5sI7KoN/gCzgqnT0H91vhxkjXrPN+GnW43lcbaqApd3gd0NmMaWNxR6ZKnXFFcUPI72cbBmhe3+t15pF9ZUYZ0sKSfbgOZx0vHLiS69Dr63L6gVNGNx7B/yxC3 common@asterix"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCdvxfprSTiMGKeH3GvG9/gupBM0urKTrliK2wzrgcHgNyWiaGFveRpX4cMPdi8uhfDrwGmKLYJfAfjsmmpmY8DTDpkeXT2vdS7q0YtoYCgjztXum0Fxd4khR3Z4Pwh6BEpxBgzIE94T749wuvW2gZLyHGPyZH5w3EXr4TBh4YSwUwVYGrPaGDVbsJ/8lEpqPu5T4S1CzaaLh0mfuyIJfo0EfU8TWmA028qVfz+6jT3/CZrv0Ru/HYEo6mAY35Im3pGTug7GWLI45tbaI++jJCo7dK+rs3uPyccHxLHnUwPtxj4wVGBbcVy8S5LyJpm2lFHQO4eu4QHiFgBA2GeXCF common@obelix"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCg5H5dtZwtKltCjCbQ2wDsMMNb3X7wcpiPpH+QBIdhMcDeyiEy5HoD6yVKppIJA9KQKr7VjzCF0eV/PgBVyoKZGGPSfB1B1Diys6MYCBSgfYh7iqxzyzdOl4/NTGsHEN6iH9e86QBge5VcUaIf/2H/g4F+5/mekR3h6aDqkS596pk3PzSiuWIZN1OCaTILG0QakQ24oevlHloasG2oWdR+Bfjp3kFvDbX5yVPPSBCLwCnyZPWse+MYAD+HAw70pve7InO35s/VyodC8RODiHZ6sQAK+o1Y9g1UDE1aTXhXWBNt1wQVIlYd9+Bf4lWuB0FA5kUfXd4Li5O4RWW3fsKT common@Schreibfix"
+    ];
+  };
+}
diff --git a/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem b/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
deleted file mode 100644
index 374b050..0000000
--- a/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----

-MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx

-KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd

-BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl

-YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1

-OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy

-aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50

-ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G

-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd

-AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC

-FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi

-1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq

-jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ

-wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj

-QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/

-WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy

-NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC

-uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw

-IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6

-g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN

-9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP

-BSeOE6Fuwg==

------END CERTIFICATE-----

diff --git a/conf/vpn/kit.ovpn.nix b/conf/vpn/kit.ovpn.nix
deleted file mode 100644
index 82a21ee..0000000
--- a/conf/vpn/kit.ovpn.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
-
-''
-client
-remote 141.52.8.20
-port 1194
-dev tun
-proto udp
-auth-user-pass
-nobind
-comp-lzo no
-tls-version-min 1.2
-ca ${./T-TeleSec_GlobalRoot_Class_2.pem}
-verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
-cipher AES-256-CBC
-auth SHA384
-verb 3
-script-security 2
-''